publications

2023

1. USENIX Security

   An Empirical Study & Evaluation of Modern CAPTCHAs

   Andrew Searles, Yoshimichi Nakatsuka, Ercan Ozturk, Andrew Paverd, Gene Tsudik, and Ai Enkoji

   In 32th USENIX Security Symposium, USENIX Security 2023, August 9-11, 2023, Anaheim, California, USA, 2023

   Abs PDF Code

   For nearly two decades, CAPTCHAs have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAs have continued to improve. Meanwhile, CAPTCHAs have also evolved in terms of sophistication and diversity, becoming increasingly difficult to solve for both bots (machines) and humans. Given this long-standing and still-ongoing arms race, it is critical to investigate how long it takes legitimate users to solve modern CAPTCHAs, and how they are perceived by those users. In this work, we explore CAPTCHAs in the wild by evaluating users’ solving performance and perceptions of unmodified currently-deployed CAPTCHAs. We obtain this data through manual inspection of popular websites and user studies in which 1,400 participants collectively solved 14,000 CAPTCHAs. Results show significant differences between the most popular types of CAPTCHAs: surprisingly, solving time and user perception are not always correlated. We performed a comparative study to investigate the effect of experimental context – specifically the difference between solving CAPTCHAs directly versus solving them as part of a more natural task, such as account creation. Whilst there were several potential confounding factors, our results show that experimental context could have an impact on this task, and must be taken into account in future CAPTCHA studies. Finally, we investigate CAPTCHA-induced user task abandonment by analyzing participants who start and do not complete the task.

2. NDSS

   VICEROY: GDPR-/CCPA-compliant Enforcement of Verifiable Accountless Consumer Requests

   Scott Jordan, Yoshimichi Nakatsuka, Ercan Ozturk, Andrew Paverd, and Gene Tsudik

   In 30th Annual Network and Distributed System Security Symposium, NDSS 2023, San Diego, California, USA, 27 February 2023 - 3 March 2023, 2023

   Abs PDF Code

   Data regulation laws such as GDPR and CCPA provide consumers (or data subjects) with rights to request data operations such as access, modification, or deletion of their collected data. Authenticating consumers is crucial when conducting this operation, as such data can be privacy-sensitive. This is straight forward for consumers with accounts, as they simply provide authenticate by logging into their account. Such data regulation laws also require the same right to be provided to accountless consumers. However, authenticating such consumers have been adhoc, insecure, and privacy-invasive. In this work, we present VICEROY, a first-of-its-kind protocol that allows accountless consumers to authenticate themselves securely, privately, and in scale. We prove the security of VICEROY via Tamarin prover and its scalability through extensive evaluation.

2022

1. ACM MobiSys

   Vronicle: verifiable provenance for videos from mobile devices

   Yuxin (Myles) Liu, Yoshimichi Nakatsuka, Ardalan Amiri Sani, Sharad Agarwal, and Gene Tsudik

   In MobiSys ’22: The 20th Annual International Conference on Mobile Systems, Applications and Services, Portland, Oregon, 27 June 2022 - 1 July 2022, 2022

   Abs PDF Code Poster

   Videos have always been used in security-critical applications where videos are used as evidence or the videos themselves are sensitive. This was due to the fact that faking them was generally believed to be nearly impossible. However, there is a increasingly concerning trend of fraudulent videos, the so-called deepfakes. In this work we propose a novel system that generates a fine-grained, cryptographically verifiable provenance information of the videos without compromising performance. We utilize TEEs on both the device that takes the videos and the servers that processes the video. Our extensive measurements show that our proof-of-concept implementation outperforms the state-of-the-art system and is comparable with modern video hosting websites that do not provide such provenance info.

2021

1. USENIX Security

   CACTI: Captcha Avoidance via Client-side TEE Integration

   Yoshimichi Nakatsuka, Ercan Ozturk, Andrew Paverd, and Gene Tsudik

   In 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021, 2021

   Abs PDF Slides

   Preventing abuse of web services is becoming increasingly important, as bot activities are becoming wide spread. CAPTCHAs are commonly used to thwart bot abuse, by distinguishing bots from real human users. However, CAPTCHAs are well known to be frustrating for humans, as it takes time to solve. Moreover, the rise of machine learning based image recognition technology as well as CAPTCHA farms decrease the effectiveness of CAPTCHAs. In addition, privacy concerns related to more modern CAPTCHAs (e.g., behavior-based CAPTCHAs) is starting to attract public attention. In this work, we propose a novel system that utilizes client-side TEEs to solve the aforementioned issues. Our system, CACTI, allows users (bot or human) to cryptographically prove how many times they have conducted an action in a given timeframe (“rate”). Based on this “rate-proof”, the server can allow the user to skip solving CAPTCHAs entirely. Our measurements show that the end-to-end latency of CACTI is about 0.25 seconds and the overall bandwidth used is 98% smaller compared to conventional CAPTCHAs. Additionally, the use of group signature schemes prevents servers to track users based on the proofs.

2. ACM DTRAP

   PDoT: Private DNS-over-TLS with TEE Support

   Yoshimichi Nakatsuka, Andrew Paverd, and Gene Tsudik

   Digital Threats, Feb 2021

   PDF

2019

1. ACM ACSAC

   PDoT: Private DNS-over-TLS with TEE support

   Yoshimichi Nakatsuka, Andrew Paverd, and Gene Tsudik

   In Proceedings of the 35th Annual Computer Security Applications Conference, ACSAC 2019, San Juan, PR, USA, December 09-13, 2019, Feb 2019

   Abs PDF Code Slides

   DNS-over-TLS was introduced to improve user privacy, as DNS packets are currently sent over the Internet in plaintext. However, DNS-over-TLS still suffers from privacy issues from malicious recursive resolvers and also usability issues. PDoT is a novel recursive resolver architecture that aims to overcome both of these issues using Trusted Execution Environments (TEEs).

2018

1. IEEE ISCC

   FROG: A Packet Hop Count based DDoS Countermeasure in NDN

   Yoshimichi Nakatsuka, Janaka L. Wijekoon, and Hiroaki Nishi

   In 2018 IEEE Symposium on Computers and Communications, ISCC 2018, Natal, Brazil, June 25-28, 2018, Feb 2018

   Abs PDF

   Named Data Networking (NDN) is one of the emerging future Internet architecture that aims to put content in the center of the communication. Similar to the current Internet, NDN also suffers from DDoS attacks. FROG aims to detect and mitigate DDoS attacks in NDN using a novel method that utilizes packet hop counts.